COBRAS (OP)
Member
Offline
Activity: 846
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
|
|
December 11, 2021, 03:58:13 AM |
|
Subj. Looking for a python scrypt or code for transaction with 1 and many inputs/outputs. Thanks.
|
|
|
|
|
|
"In a nutshell, the network works like a distributed
timestamp server, stamping the first transaction to spend a coin. It
takes advantage of the nature of information being easy to spread but
hard to stifle." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
stanner.austin
Member
Offline
Activity: 67
Merit: 53
|
|
December 11, 2021, 09:33:00 AM |
|
@COBRAS If you have Random(R)/sign(S)/message hash(Z) you can use simple algo. pub = (R*S-G*Z) / R
|
|
|
|
BlackHatCoiner
Legendary
Online
Activity: 1512
Merit: 7342
Farewell, Leo
|
|
December 11, 2021, 01:24:51 PM Last edit: December 11, 2021, 03:35:46 PM by BlackHatCoiner |
|
I'm utterly confused by the title and the OP. Do you want to derive the public key from the R, S, Z values or from a transaction raw that may have many inputs/outputs? If it's the former, it's impossible, if it's the latter then what you want is the bitcoin-cli decoderawtransaction in python.
python-bitcoinlib should have this.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
pooya87
Legendary
Offline
Activity: 3444
Merit: 10535
|
|
December 11, 2021, 01:58:14 PM |
|
Do you want to derive the public key from the R, S, Z values or from a transaction raw that may have many inputs/outputs? If it's the former, it's impossible,
It is possible. The logical way is to just read the transaction and almost all signatures come with their public key and viola you have the public key! The other way is to perform what is known as public key recovery operation (section 4.1.6 of Standards for Efficient Cryptography 1 vol. 2). This way you can recover a number of possible public keys from signature and message. Cryptography libraries that support ECC should have this option. In bitcoin libraries you may find it used in message verification methods.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
COBRAS (OP)
Member
Offline
Activity: 846
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
|
|
December 11, 2021, 02:35:51 PM |
|
Do you want to derive the public key from the R, S, Z values or from a transaction raw that may have many inputs/outputs? If it's the former, it's impossible,
It is possible. The logical way is to just read the transaction and almost all signatures come with their public key and viola you have the public key! The other way is to perform what is known as public key recovery operation (section 4.1.6 of Standards for Efficient Cryptography 1 vol. 2). This way you can recover a number of possible public keys from signature and message. Cryptography libraries that support ECC should have this option. In bitcoin libraries you may find it used in message verification methods. I thant filter rsz for needed pubkeyvand remove all what have not exact needed pubkey.
|
|
|
|
BlackHatCoiner
Legendary
Online
Activity: 1512
Merit: 7342
Farewell, Leo
|
|
December 11, 2021, 02:40:03 PM |
|
The other way is to perform what is known as public key recovery operation (section 4.1.6 of Standards for Efficient Cryptography 1 vol. 2). True. Learnt something new today. Actions: Find public key Q as follows.
1. For j from 0 to h do the following. 1.1. Let x = r + jn. 1.2. Convert the integer x to an octet string X of length mlen using the conversion routine specified in Section 2.3.7, where mlen = (log2p)/8 or mlen = m/8. 1.3. Convert the octet string X to an elliptic curve point R using the conversion routine specified in Section 2.3.4. If this conversion routine outputs “invalid”, then do another iteration of Step 1. 1.4. If nR ≠ O, then do another iteration of Step 1. 1.5. Compute e from M using Steps 2 and 3 of ECDSA signature verification. 1.6. For k from 1 to 2 do the following. 1.6.1. Compute a candidate public key as: Q = r-1(sR − eG). 1.6.2. Verify that Q is the authentic public key. (For example, verify the signature of a certification authority in a certificate which has been truncated by the omission of Q from the certificate.) If Q is authenticated, stop and output Q. 1.6.3. Change R to −R. I'd be thankful if you represented the implementation of this as I don't understand what's R. Here's a pair of R, S, Z: 20206c79208eeb03c8ecab3c17a3e9efae5953460c71dff6306ecda4a12533c8, 3604945cde5ea4f3d3f3d4eb007a589b6763c25d5f765bbbadbd554f70abd8ad, 836d795b585d8014d3f015791d183da57e7caf6a678135c345af78b2bfa9317a I googled and found a stackexchange post, but I can't seem to get this: First, you find the two points R, R′ which have the value r as the x-coordinate r. Is R = r * G? Also, if you can derive the public key from R, S, Z why do we have to provide it in the scriptSig? It only takes space and hence, makes the transaction fee greater.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
pooya87
Legendary
Offline
Activity: 3444
Merit: 10535
|
I'd be thankful if you represented the implementation of this as I don't understand what's R.
In python and in csharp and CIn an ECDSA signature "r" is the x coordinate of the point "R". You can compute the full point R(x,y) by assuming y was even for this case. First, you find the two points R, R′ which have the value r as the x-coordinate r. Essentially this is what we do when we are verifying transactions but the public key is compressed. But since there we have the y odd/even-ness we can compute only one point but if we don't know it (like the case with r) we have 2 points. Also, if you can derive the public key from R, S, Z why do we have to provide it in the scriptSig? It only takes space and hence, makes the transaction fee greater.
Because recovering public keys is an expensive operation and if we omit public keys from our scripts then verifying blocks and transactions become slower. Also we can recover multiple public keys (up to 4 for secp256k1) which would make verification that much slower. On top of that, we are using hash of the public key and public key has to exist to satisfy OP_SOMEHASH OP_EQUALVERIFY.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
mamuu
Member
Offline
Activity: 71
Merit: 19
|
|
December 11, 2021, 03:31:46 PM |
|
|
1DWA3Sa8i6eHVWV4AG4UP2SBhYB2XrfiHW
|
|
|
COBRAS (OP)
Member
Offline
Activity: 846
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
|
|
December 11, 2021, 04:40:30 PM |
|
|
|
|
|
fxsniper
Member
Offline
Activity: 406
Merit: 45
|
|
December 13, 2021, 11:27:37 AM |
|
COBRAS, Did you try idea puzzle #120 use that script flip/reverse convert from public key to R S Z and try use RSZ to recover private key. I try read from code it is very complex math I can not code. but it is good idea to try do it
|
|
|
|
COBRAS (OP)
Member
Offline
Activity: 846
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
|
|
December 13, 2021, 02:03:37 PM |
|
COBRAS, Did you try idea puzzle #120 use that script flip/reverse convert from public key to R S Z and try use RSZ to recover private key. I try read from code it is very complex math I can not code. but it is good idea to try do it
I dont know any nethod how to get privkey from only one sighnature, so i recomend not qaste your time to try get privkey only from one z or rsz
|
|
|
|
fxsniper
Member
Offline
Activity: 406
Merit: 45
|
|
December 21, 2021, 01:35:29 AM Last edit: December 21, 2021, 07:29:48 AM by achow101 |
|
I dont know any nethod how to get privkey from only one sighnature, so i recomend not qaste your time to try get privkey only from one z or rsz
Ok, I just understand method use RSZ is can use only if bad transaction/signature use same R value or other way use same nonce or use something duplicate or share it will can find difference, but if not have sorting duplicate it can not use to find keys
How to fix this script I found sometime script give result wrong by mission one zero at last y value for uncompressed pub key uncompressed public key 130 character but script give result 129 character compare result it is missing one zero
|
|
|
|
COBRAS (OP)
Member
Offline
Activity: 846
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
|
|
December 21, 2021, 02:16:46 AM |
|
How to fix this script I found sometime script give result wrong by mission one zero at last y value for uncompressed pub key uncompressed public key 130 character but script give result 129 character compare result it is missing one zero https://github.com/iceland2k14/rsz
|
|
|
|
|